Back to skill

Security audit

ffmpeg-video-editor

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward FFmpeg command helper, with the main caution that its generated commands overwrite output files by default.

Before running generated commands, check the input and output filenames and remove `-y` if you do not want existing files overwritten. Install FFmpeg from a trusted source, since this skill only provides command templates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to always include `-y`, which causes FFmpeg to overwrite existing files without prompting. In an agentic workflow, this can destroy user data or clobber important files if filenames are guessed, reused, or influenced by untrusted input.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.